Powered by Zoomin Software. For more details please contactZoomin

What's New for Semaphore

Vulnerabilities reported in Semaphore products

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
Table of Contents

Vulnerabilities reported in Semaphore products

Save PDF
Save selected topicSave selected topic and subtopicsSave all topics
Share
Share to emailCopy topic URL
Print
  • Last Updated: May 13, 2026
  • 1 minute read
    • Semaphore
    • Documentation

Every night the Semaphore products are scanned for vulnerabilities. Critical and High vulnerabilities are assessed each morning. Generally critical and high vulnerability issues are dealt with immediately with new Semaphore releases where required. However, some vulnerabilities are deemed false positives and so might show up in your scans. A list of these is below.

CVE number Description Planned Action
CVE-2024-2700 This is an issue where some development environment variables are persisted into the production code. However, we do not set quarkus prefixed environment variables in our build system so this does not apply to our product. To remove the false positive, this library will be updated in due course.
CVE-2024-32007 We do not use the vulnerable functionality in the Apache CFX library. To remove the false positive, this library will be updated in due course.
TitleResults for “How to create a CRG?”Also Available inAlert